I'm using the Jersey client API to submit SOAP requests to a JAX-WS webservice. By default Jersey is somehow using my Windows Nt credentials for authentication when challenged. Can anyone explain where Jersey does this in the code? And can it be overriden?
I have tried using HTTPBasicAuthFilter and adding as a filter on the Client开发者_StackOverflow社区. I have also tried adding my credentials to the WebResoruce queryParams field however neither are being picked up.
At first I got this working as documented in the Jersey User guide
Authenticator.setDefault (authinstance);
However I did not like this as it relied on setting a global authenticator. After some research I discovered that Jersey has a HTTPBasicAuthFilter
which is even easier to use.
Client c = Client.create();
c.addFilter(new HTTPBasicAuthFilter(user, password));
See: https://jersey.github.io/nonav/apidocs/1.10/jersey/com/sun/jersey/api/client/filter/HTTPBasicAuthFilter.html https://jersey.github.io/nonav/apidocs/1.10/jersey/com/sun/jersey/api/client/filter/Filterable.html#addFilter(com.sun.jersey.api.client.filter.ClientFilter)
Jersey 2.x:
HttpAuthenticationFeature feature = HttpAuthenticationFeature.basicBuilder()
.nonPreemptive()
.credentials("user", "password")
.build();
ClientConfig clientConfig = new ClientConfig();
clientConfig.register(feature) ;
Client client = ClientBuilder.newClient(clientConfig);
Reference: 5.9.1. Http Authentication Support
There's a small section in the Jersey User guide about Client authentication. I'd recommend you follow its advice and try using Apache HTTP Client instead of HttpURLConnection, as it has much better support for just about anything you'd want to do.
Adding this answer as I keep finding answers for older versions of Jersey that are no longer relevant in 2.x.
For Jersey 2 there are several ways. Take a look at:
JavaDoc for org.glassfish.jersey.client.authentication.HttpAuthenticationFeature
Here is the one that is working for me (simplest basic auth IMHO).
ClientConfig config = new ClientConfig();
HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic("username", "password");
Client client = ClientBuilder.newClient(config);
client.register(feature);
WebTarget webTarget = client.target("http://api.asite.com/api").path("v1/reports/list");
Invocation.Builder invocationBuilder = webTarget.request(MediaType.TEXT_PLAIN_TYPE);
Response response = invocationBuilder.get();
System.out.println( response.getStatus() );
System.out.println( response.readEntity(String.class) );
If you are testing a Dropwizard application (maybe it suits any REST service), you can use this as an example: https://github.com/dropwizard/dropwizard/blob/v0.8.1/dropwizard-auth/src/test/java/io/dropwizard/auth/basic/BasicAuthProviderTest.java
Please find following working code without SSL
I am using put request , if need post/get just change it.
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.javacodegeeks.enterprise.rest.jersey</groupId>
<artifactId>JerseyJSONExample</artifactId>
<version>0.0.1-SNAPSHOT</version>
<repositories>
<repository>
<id>maven2-repository.java.net</id>
<name>Java.net Repository for Maven</name>
<url>http://download.java.net/maven/2/</url>
<layout>default</layout>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-server</artifactId>
<version>1.9</version>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-client</artifactId>
<version>1.9</version>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-json</artifactId>
<version>1.9</version>
</dependency>
</dependencies>
</project>
Java Class
package com.rest.jersey.jerseyclient;
import com.rest.jersey.dto.Employee;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.ClientConfig;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
import com.sun.jersey.api.client.filter.LoggingFilter;
import com.sun.jersey.api.json.JSONConfiguration;
public class JerseyClient {
public static void main(String[] args) {
try {
String username = "username";
String password = "p@ssword";
//{"userId":"12345","name ":"Viquar","surname":"Khan","email":"Vaquar.khan@gmail.com"}
Employee employee = new Employee("Viquar", "Khan", "Vaquar.khan@gmail.com");
ClientConfig clientConfig = new DefaultClientConfig();
clientConfig.getFeatures().put( JSONConfiguration.FEATURE_POJO_MAPPING, Boolean.TRUE);
Client client = Client.create(clientConfig);
//
final HTTPBasicAuthFilter authFilter = new HTTPBasicAuthFilter(username, password);
client.addFilter(authFilter);
client.addFilter(new LoggingFilter());
//
WebResource webResource = client
.resource("http://localhost:7001/VaquarKhanWeb/employee/api/v1/informations");
ClientResponse response = webResource.accept("application/json")
.type("application/json").put(ClientResponse.class, employee);
if (response.getStatus() != 200) {
throw new RuntimeException("Failed : HTTP error code : "
+ response.getStatus());
}
String output = response.getEntity(String.class);
System.out.println("Server response .... \n");
System.out.println(output);
} catch (Exception e) {
e.printStackTrace();
}
}
}
POJO
package com.rest.jersey.dto;
public class Employee {
private String name;
private String surname;
private String email;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getSurname() {
return surname;
}
public void setSurname(String surname) {
this.surname = surname;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
@Override
public String toString() {
return "Employee [name=" + name + ", surname=" + surname + ", email=" + email + "]";
}
public Employee(String name, String surname, String email) {
super();
this.name = name;
this.surname = surname;
this.email = email;
}
}
Yes for jersey 2.x you can do this to authenticate each request with basic auth (preemptive mode):
client.register(HttpAuthenticationFeature.basic(userName, password));
// rest invocation code ..
精彩评论